1 An integrated approach to federated identity and privilege management in open
systems

Rafae Bhatti, Elisa Bertino, Arif Ghafoor
February 2007 Communications of the ACM, Volume 50 Issue 2
Publisher: ACM Press 



Online partnerships depend on federations of not only user identities but also of user 
entitlements across organizational boundaries. 

2 Session 4: Web service applications: Towards securing XML Web services
Ernesto Damiani, Sabrina De Capitani di Vimercati, Pierangela Samarati 
November 2002 Proceedings of the 2002 ACM workshop on XML security XMLSEC '02 
Publisher: ACM Press 




Security is currently one of the main concerns about XML Web services. Several initiatives 
are currently ongoing aimed at achieving a standardized way for supporting integrity, 
confidentiality, and access control for XML Web services. This paper looks into these 
approaches and gives some hints for future research. 

Keywords: SOAP, Web services, access control 



3 Security for Web services: Optimistic fair contract signing for Web services 
Hiroshi Maruyama, Taiga Nakamura, Tony Hsieh 

October 2003 Proceedings of the 2003 ACM workshop on XML security XMLSEC '03 

Publisher: ACM Press 


Reliable and atomic transactions are a key to successful e-Business interactions. Reliable 
messaging subsystems, such as IBM's MQ Series, or broker-based techniques have been 
traditionally used for this purpose. In this paper, we take a radically different approach to 
address this problem, which is to apply the idea of Optimistic Fair Contract Signing 
recently proposed by Asokan, Shoup, and Waidner. We show a design of the protocol 
based on the latest XML and Web Services Security standar ... 



Keywords: Web services, fair contract signing, optimistic fair exchange 



4 The semantic e-business vision: Secure knowledge management and the semantic 
web 

JinKyu Lee, Shambhu J. Upadhyaya, H. Raghav Rao, Raj Sharman 
December 2005 Communications of the ACM, Volume 48 Issue 12 
Publisher: ACM Press 



http://portal.acm.org/results.cfm?coll=ACM&dl=ACM&CFro 2/28/2007



Results (page 1): SAML and mapping 







Strengthening security within the domain of shared knowledge is a critical issue, and great 
challenge, to businesses today. A number of different protocols currently available offer an 
array of benefits and limitations. 

5 Security and Middleware Services: Towards flexible credential verification in mobile
ad-hoc networks

Sye Loong Keoh, Emil Lupu 

October 2002 Proceedings of the second ACM international workshop on Principles of 
mobile computing POMC '02 

Publisher: ACM Press 




Ad-hoc networks facilitate interconnectivity between mobile devices without the support of 
a network infrastructure. In this paper we propose a flexible credential verification 
mechanism, which improves the likelihood that participants in an ad-hoc network can 
verify each other's credentials despite the lack of access to certification and attribute 
authorities. Users maintain Credential Assertion Statements (CASs), which are formed 
through extraction of X.509 and attribute certificates into an i ... 

Keywords: authentication, credential verification, security, trust 

6 Applications: Digital media and entertainment service delivery platform
Christopher J. Pavlovski, Quentin Staes-Polet
November 2005 Proceedings of the first ACM international workshop on Multimedia 
service composition MSC '05 

Publisher: ACM Press 


The emergence of broadband networks, for mobile and fixed environments, has stimulated 
the multimedia market for the delivery of enriched digital media and entertainment 
services. A key problem for institutions attempting to capitalize on these new channels for 
service delivery is a capability to deploy many multimedia services rapidly and cost 
effectively. The naive technique is to deploy such solutions independently as so called 
point solutions. The strategic approach is the development o ... 

Keywords: IP multimedia systems, digital media, reference architecture, service delivery 
platform, tripleplay, web service gateway 



7 Trust requirements in identity management 

Audun Josang, John Fabre, Brian Hay, James Dalziel, Simon Pope 

January 2005 Proceedings of the 2005 Australasian workshop on Grid computing and e- 
research - Volume 44 ACSW Frontiers '05 

Publisher: Australian Computer Society, Inc. 


Identity management refers to the process of representing and recognising entities as 
digital identities in computer networks. Authentication, which is an integral part of identity
management, serves to verify claims about holding specific identities. Identity 
management is therefore fundamental to, and sometimes include, other security 
constructs such as authorisation and access control. Different identity management 
models will have different trust requirements. Since there are costs associate ... 

8 DIM frameworks: A delegation framework for federated identity management
Hidehito Gomi, Makoto Hatakeyama, Shigeru Hosono, Satoru Fujita 

November 2005 Proceedings of the 2005 workshop on Digital identity management DIM 
'05 

Publisher: ACM Press 




Identity federation is a powerful scheme that links accounts of users maintained distinctly 
by different business partners. The concept of network identity is a driver for accelerating 
automation of Web Services on the Internet for users on their behalf while protecting 
privacy of their personally identifiable information. Although users of Web Services 
essentially delegate some or all privileges to an entity to perform actions, current identity
based systems do not take into sufficient consider ... 

Keywords: access control, delegation, identity federation, privilege, role 



9 XML security: Certificate validation service using XKMS for computational grid
Namje Park, Kiyoung Moon, Sungwon Sohn 

October 2003 Proceedings of the 2003 ACM workshop on XML security XMLSEC '03 

Publisher: ACM Press 




A computational grid is a hardware and software infrastructure capable of providing 
dependable, consistent, pervasive, and inexpensive access to high-end computational 
resource. There are many ways to access the resources of a computational grid, each with 
unique security requirements and implications for both the resource user and the resource 
provider. Current Grid security Infrastructure using PKI based on SSO. But open grid 
service Security Infrastructure in Global Grid Forum(GGF) will exten ... 

Keywords: GSI, XKMS, XML, XML security, certificate validation, grid, key management, 
security 



10 A survey of autonomic communications

Simon Dobson, Spyros Denazis, Antonio Fernandez, Dominique Gaïti, Erol Gelenbe, Fabio
Massacci, Paddy Nixon, Fabrice Saffre, Nikita Schmidt, Franco Zambonelli
December 2006 ACM Transactions on Autonomous and Adaptive Systems (TAAS), Volume
1 Issue 2
Publisher: ACM Press 




Autonomic communications seek to improve the ability of network and services to cope 
with unpredicted change, including changes in topology, load, task, the physical and 
logical characteristics of the networks that can be accessed, and so forth. Broad-ranging 
autonomic solutions require designers to account for a range of end-to-end issues 
affecting programming models, network and contextual modeling and reasoning, 
decentralised algorithms, trust acquisition and maintenance— issues whose soluti ... 

Keywords: Autonomic communication 



11 Ontologies and web services: Agents for e-business applications 

A. Negri, A. Poggi, M. Tomaiuolo, P. Turci 
May 2006 Proceedings of the fifth international joint conference on Autonomous
agents and multiagent systems AAMAS '06 

Publisher: ACM Press 


Web services are increasingly utilized by organizations that want to improve 
responsiveness and efficiency. While they may be used in an isolated way, the need of 
integrating them as part of workflow processes is more and more felt. However the 
creation of applications composed of dynamically selected basic services entails facing two 
essential issues: how to efficiently discover Web services and how to allow and facilitate 
their composition. In this paper, we propose an agent-based framework rep ... 

Keywords: agent-mediated e-business, ontology, security, service discovery and 
composition, web services, workflow 




12 Overview of some patterns for architecting and managing composite web services
B. Benatallah, M. Dumas, M.-C. Fauvet, F. A. Rabhi, Quan Z. Sheng
June 2002 ACM SIGecom Exchanges, Volume 3 Issue 3 
Publisher: ACM Press 


The composition of Web services has gained a considerable momentum as a paradigm for 
enabling Business-to-Business (B2B) Collaborations. Numerous technologies supporting 
this new paradigm are rapidly emerging, thereby creating a need for methodologies that 

1 An integrated approach to federated identity and privilege management in open
systems 

Rafae Bhatti, Elisa Bertino, Arif Ghafoor
February 2007 Communications of the ACM, Volume 50 Issue 2
Publisher: ACM Press 

Online partnerships depend on federations of not only user identities but also of user
entitlements across organizational boundaries. 

2 Privacy protection: Managing privacy preferences for federated identity management 
Gail-Joon Ahn, John Lam

November 2005 Proceedings of the 2005 workshop on Digital identity management DIM 
'05

Publisher: ACM Press 




We have witnessed that the Internet is now a prime vehicle for business, community, and 
personal interactions. The notion of identity is the important component of this vehicle. 
Identity management has been recently considered to be a viable solution for simplifying 
user management across enterprise applications. The network identity of each user is the 
global set of personal credentials and preferences constituting the various accounts. The 
prevalence of business alliances or coalitions necessi ... 



Keywords: identity management, policy languages, privacy 



3 Privacy Preserving Trust Authorization Framework Using XACML 
U. M. Mbanaso, G. S. Cooper, D. W. Chadwick, Seth Proctor 

June 2006 Proceedings of the 2006 International Symposium on World of Wireless,
Mobile and Multimedia Networks WOWMOM '06 

Publisher: IEEE Computer Society 


Nowadays many organizations share sensitive services through open network systems and 
this raises the need for an authorization framework that can interoperate even when the 
parties have no pre-existing relationships. Trust Negotiation is the process used to 
establish these first relationships, through the transfer of attributes, embedded in digital 
credentials, between the two parties. However, these attributes may themselves be 
considered sensitive and so may need protection from disclosure. I ... 

4 Mobile services and technology track: A conceptual approach to information security 
in financial account aggregation 

Manish Agrawal, Hemant Padmanabhan, Lokesh Pandey, H. R. Rao, Shambhu Upadhyaya 
March 2004 Proceedings of the 6th international conference on Electronic commerce 
ICEC '04 
Publisher: ACM Press


An important dimension of mobile computing is the ubiquitous and location-independent 
availability of data. Aggregation is the ability to electronically access and display personal 
account information from disparate sources through a single identity. The client financial 
data is assembled in an organized format providing meaningful summarization and 
analysis. The prevalent methods of aggregation pose issues in information security and 
assurance. Utilizing advances in Internet technology such as ... 

Keywords: account service providers, aggregation, identity service providers, scraping 



5 Interoperable Web services for computational portals

Marlon Pierce, Geoffrey Fox, Choonhan Youn, Steve Mock, Kurt Mueller, Ozgur Balsoy 
November 2002 Proceedings of the 2002 ACM/IEEE conference on Supercomputing 
Supercomputing '02 

Publisher: IEEE Computer Society Press 




Computational web portals are designed to simplify access to diverse sets of high 
performance computing resources, typically through an interface to computational Grid 
tools. An important shortcoming of these portals is their lack of interoperable and reusable 
services. This paper presents an overview of research efforts undertaken by our group to 
build interoperating portal services around a Web Services model. We present a 
comprehensive view of an interoperable portal architecture, beginning w ... 

6 Virtual enterprise access control requirements
M. Coetzee, Jan H. P. Eloff
September 2003 Proceedings of the 2003 annual research conference of the South
African institute of computer scientists and information technologists on
Enablement through technology SAICSIT '03
Publisher: South African Institute for Computer Scientists and Information Technologists 




Current developments in IT point towards the formation of loosely coupled enterprises, 
often referred to as virtual enterprises. These enterprises require both secure and flexible 
collaboration between unrelated information systems. Web services technology can be 
used as an ideal platform for realising virtual enterprises through their ease of
integration, flexibility, and support of XML vocabularies. To ensure the successful 
implementation of Web services within virtual enterprises, new approa ... 

Keywords: B2B, SOAP, XML, access control, design, federation, management, roles, 
security, standardization, trust, virtual enterprises, web services 



7 Session 2: secure Web services: Designing a distributed access control processor for 
network services on the Web 
Reiner Kraft 

November 2002 Proceedings of the 2002 ACM workshop on XML security XMLSEC '02 

Publisher: ACM Press 




The service oriented architecture (SOA) is gaining more momentum with the advent of 
network services on the Web. A programmable and machine accessible Web is the vision 
of many, and might represent a step towards the semantic Web. However, security is a
crucial requirement for the serious usage and adoption of the Web services technology. 
This paper enumerates design goals for an access control model for Web services. It then 
introduces an abstract general model for Web services components, along ... 

Keywords: Web services, XML, access control, security 



8 Security watch: Standards insecurity
Rebecca T. Mercuri 

December 2003 Communications of the ACM, Volume 46 Issue 12 
Publisher: ACM Press 